#!/usr/bin/env bash
set -euxo pipefail

# This script runs a command to generate a baseline of secrets.

detect-secrets scan \
  --exclude-files "\.lock$"   `# ignore lock files, they are large and full of hashes` \
  --exclude-files "\.png$"    `# ignore image files` \
  --exclude-files "\.webp$"   `# ignore image files` \
  --exclude-files "\.jpg$"    `# ignore image files` \
  --exclude-files "\.jar$"    `# ignore jar files`   \
  --exclude-files "__generated__"      `# ignore relay generated files` \
  --exclude-files "ios\/.*\.xcscheme$" `# ignore Xcode scheme files`    \
  --exclude-secrets '[a-fA-F0-9]{24}' `# ignore mongoid like patterns` \
  > .secrets.baseline
